Pidgin allows downloading my anti-virus alert!

David Woolley forums at david-woolley.me.uk
Wed Oct 6 03:09:14 EDT 2010


Siberoj Hejesor wrote:
> 
> Pidgin - McAfee warned-says adware spyware or other.
>  Pidgin allows downloading my anti-virus alert!

The original message looks like it might be in something like Dutch:

Potentieel gevaarliijke download gedetecteerd.

In onze test bevatte deze download programma;s die sommigen beschouwen 
als adware, spyware of andera mogelijk ongwenste programma's


I'm not clear from the original translation or from the original message 
whether this is saying that it is adware etc., or that it can be used to 
download adware etc.  It also doesn't make a distinction between adware 
and truly malicious software.

ALL instant messaging services that support file transfers support the 
downloading of malware and that is why many IT managers ban them in 
their offices (the other is time wasting).  This is basically a social 
engineering problem.  IM users tend to include a lot of people who like 
sharing dodgy software and will accept file transfers from friends, or 
even anyone, without thinking about the risks.

Also, most if not all free instant messaging services, at least when 
used with the official client, are adware - why else do you think they 
are provided free (there may be a mild spyware aspect, as in Google 
mail, etc.).  One of the reasons that messaging providers often don't 
like Pidgin is that it bypasses their advertising.  I can't remember the 
outcome, but there was discussion about the fact that the original MXiT 
plugin had specific code to provide an advertising stream.

Someone needs to provide a better English translation of the message, 
but I think you need clarification from McAfee.  It seems to me that is 
pretty much impossible for a multi-protocol instant messaging client not 
to end up serving adverts and being used to propagate Malware.  I think 
you need to make a detailed analysis of the risks and decide whether you 
want to use particular IM services at all, and how you will use them safely.

> 
> Please, look at the picture Are you >>>
> http://img84.imageshack.us/img84/3337/pidginmcafeewarnedsaysa.jpg

Thanks for providing a subject that is actually relevant to the issue, 
rather than the "help" or "urgent", or "Pidgin problem", common to the 
list, but it is also better to include the text of messages in the body 
of a message, rather than as screenshots.  PNG is a much better format 
for most screenshots.

With either interpretation, the McAfee message is too general to be very 
useful for any program that is used to communicate between people over 
the internet.

At the moment, I actually consider Norton Internet Security to be the 
worst adware that I have!

-- 
David Woolley
Emails are not formal business letters, whatever businesses may want.
RFC1855 says there should be an address here, but, in a world of spam,
that is no longer good advice, as archive address hiding may not work.



More information about the Support mailing list